[Zope] Acquisition / proxying object

Peter Sabaini peter at sabaini.at
Mon Feb 25 15:02:21 EST 2008 

On Monday 25 February 2008 20:45:37 Joerg Baach wrote:
> Hi *,
>
> I am trying to have a folderish object that acquires from a user object
> (ldapuserfolder). It should have its own properties and contents, but
> fall back to the ones of the ldap user.
>
> I have created an object, extending Folder, and it behaves nicely in
> zopectl debug. When I try to access it through e.g. a python script  I
> get an:
>
> Error Type: Unauthorized
> Error Value: Unable to find __roles__ in the container and the container
> is not wrapped. Access to 'dn' of test, acquired through (LDAPProxy at
> /testfolder/ldapproxy), denied.
>
> I am sure its my lack of understanding of acquisition. I am trying to
> bascially put ldap user object 'on top' of the aquisition line (with the
> ldapproxy at the bottom), but obviously failing in doing so. Any ideas?

I'm not familiar with LDAPUserFolder (its not really a user object but a user 
container, isn't it?) but the error you're getting is a security error -- the 
Python Script checks for security attributes before it accesses attributes. 
You need to add the appropriate security declarations in your product before 
it can be used inside PyScript

You might try the verbose-security directive in zope.conf to debug stuff like 
that; I hope it is available in the version of Zope you're running (I'm on 
2.10)

As a hack to disable all security checks on a class you can add the attribute 
__allow_access_to_unprotected_subobjects__ = 1 , effectively disabling 
security. This of course should only be done if you trust your users!

hth
peter.



> Cheers,
>
>   Joerg
>
>
>
> --------8< excerpt from code ---------------
>
> class LDAPProxy(Folder):
>
>     meta_type='LDAPProxy'
>
>     def __init__(self, id, remoteid,title='',REQUEST=None):
>         self.id = id
>         self.title = title
>         self.remoteid = remoteid
>
>     def __of__(self, parent):
>         if not hasattr(parent,'aq_base'):
>             return self
>         folder,id = self.remoteid.split(':')
>         acl = parent.restrictedTraverse(folder)
>         remote = acl.getUser(id)
>         return Folder.__of__(self,parent.__of__(remote))
>
> ------- teststructure----------
>
> /testfolder/
>            ldapproxy (LDAPProxy)
>            acl_users/
>            testscript (.py)
>
>
> --------8< testscript ---------------------
> return context.ldapproxy.dn
>
> --------traceback--------------------------
> Traceback (most recent call last):
>   File "/home/joerg/zope/Zope-2.8.5/lib/python/ZPublisher/Publish.py",
> line 113, in publish
>     request, bind=1)
>   File "/home/joerg/zope/Zope-2.8.5/lib/python/ZPublisher/mapply.py",
> line 88, in mapply
>     if debug is not None: return debug(object,args,context)
>   File "/home/joerg/zope/Zope-2.8.5/lib/python/ZPublisher/Publish.py",
> line 40, in call_object
>     result=apply(object,args) # Type s<cr> to step into published object.
>   File
> "/home/joerg/zope/Zope-2.8.5/lib/python/Shared/DC/Scripts/Bindings.py",
> line 311, in __call__
>     return self._bindAndExec(args, kw, None)
>   File
> "/home/joerg/zope/Zope-2.8.5/lib/python/Shared/DC/Scripts/Bindings.py",
> line 348, in _bindAndExec
>     return self._exec(bound_data, args, kw)
>   File
> "/home/joerg/zope/Zope-2.8.5/lib/python/Products/PythonScripts/PythonScript
>.py", line 323, in _exec
>     result = f(*args, **kw)
>   File "Script (Python)", line 1, in testscript
>   File
> "/home/joerg/zope/Zope-2.8.5/lib/python/AccessControl/ImplPython.py",
> line 727, in guarded_getattr
>     aq_acquire(inst, name, aq_validate, validate)
>   File
> "/home/joerg/zope/Zope-2.8.5/lib/python/AccessControl/ImplPython.py",
> line 669, in aq_validate
>     return validate(inst, object, name, v)
>   File
> "/home/joerg/zope/Zope-2.8.5/lib/python/AccessControl/ImplPython.py",
> line 563, in validate
>     self._context)
>   File
> "/home/joerg/zope/Zope-2.8.5/lib/python/AccessControl/ImplPython.py",
> line 293, in validate
>     accessed, container, name, value, context)
>   File
> "/home/joerg/zope/Zope-2.8.5/lib/python/AccessControl/ImplPython.py",
> line 808, in raiseVerbose
>     raise Unauthorized(text)
> Unauthorized: Unable to find __roles__ in the container and the
> container is not wrapped.  Access to 'dn' of test, acquired through
> (LDAPProxy at /testfolder/ldapproxy), denied.

More information about the Zope mailing list